IPSEC(8) Executable programs IPSEC(8)

ipsec - invoke IPsec utilities

ipsec command [argument...]
ipsec --help
ipsec --version
ipsec --directory

ipsec invokes any of several utilities involved in controlling the
IPsec encryption/authentication system, running the specified command
with the specified arguments as if it had been invoked directly. This
largely eliminates possible name collisions with other software, and
also permits some centralized services.

ipsec --help lists the available commands. Most have their own manual
pages, e.g. ipsec_auto(8) for auto.

ipsec --version outputs the software version. A version code of the
form ``Uxxx/Kyyy'' indicates that the user-level utilities are version
xxx but the kernel portion appears to be version yyy (this form is used
only if the two disagree). For the NETKEY/XFRM stack, the kernel
version is used, always displaying the U/K split.
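
Added example, not part of the libreswan manual or code: a POSIX shell
function that parses the version code form described above. The function
name, the stack argument and the sample codes are assumptions constructed
for illustration; the caller passes only the version code token.

```shell
#!/bin/sh
# parse_version_code CODE [STACK]   (hypothetical helper, added example)
#   CODE  : version code token only, e.g. "4.3" or "U4.3/K4.2" (constructed)
#   STACK : "xfrm" when the host uses the NETKEY/XFRM stack, where the U/K
#           split is always shown and K is the kernel's own version.
# Prints one line and returns 0 (consistent), 1 (mismatch) or 2 (invalid).
parse_version_code() {
    code=$1
    stack=${2:-other}
    case $code in
        U*/K*)
            user=${code#U}        # drop the leading "U"
            user=${user%%/K*}     # keep the text before "/K"
            kernel=${code#*/K}    # keep the text after "/K"
            if [ -z "$user" ] || [ -z "$kernel" ]; then
                printf '%s\n' "invalid"
                return 2
            fi
            if [ "$stack" = "xfrm" ]; then
                # The split is expected on this stack, not a sign of skew.
                printf '%s\n' "split user=$user kernel=$kernel"
                return 0
            fi
            printf '%s\n' "mismatch user=$user kernel=$kernel"
            return 1
            ;;
        "" | *[!0-9A-Za-z._-]*)
            # Empty, or characters that do not belong in a bare version.
            printf '%s\n' "invalid"
            return 2
            ;;
        *)
            printf '%s\n' "match version=$code"
            return 0
            ;;
    esac
}

# Constructed sample codes, not captured from a real host.
for sample in "4.3" "U4.3/K4.2" "U/K"; do
    parse_version_code "$sample" || true
done
```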

ipsec --directory reports where ipsec thinks the IPsec commands are
stored.

To get a list of supported commands, use ipsec --help. A few of the
commonly used commands are described below.

ipsec setup start|stop|restart maps to the host init system. Supported
init systems are sysv, systemd, upstart and openrc.

ipsec barf dumps the internal system status to stdout for debugging.

ipsec auto is used to manually add, remove, up or down connections. For
more information see 'man ipsec_auto'.

ipsec whack is used to communicate direct commands to the pluto daemon
using the whack interface. For more information see 'man ipsec_pluto'.

ipsec initnss initialises the NSS database that contains all the X.509
certificate information and private RSA keys.

ipsec checknss [--settrusts] is used to check the NSS database and
initialize it when it is not present and optionally set trust bits for
CA certificates.

ipsec import is used to import PKCS#12 X.509 files into the NSS
database.

ipsec checknflog is used to initialise iptables rules for the nflog
devices when specified via the nflog= or nflog-all= configuration
options.

ipsec stopnflog is used to delete iptables rules for the nflog devices.

The ipsec command passes the return code of the sub-command back to the
caller. The only exception is when ipsec pluto is used without
--nofork, as it will fork into the background and the ipsec command
returns success while the pluto daemon may in fact exit with an error
code after the fork.

/usr/libexec/ipsec usual utilities directory

ipsec.conf(5), ipsec.secrets(5), ipsec_auto(8), ipsec_checknss(8),
ipsec_initnss(8), ipsec_setup(8), ipsec_showhostkey(8)

Henry Spencer

libreswan 02/21/2021 IPSEC(8)